Hackers Waste No Time Exploiting GDPR Plugin Vulnerability
On November 8, a security vulnerability was discovered in the plugin ‘WP GDPR Compliance’. GDPR (General Data Protection Regulation) compliance is a hot issue and many websites rushed to comply. (We brought our clients into GDPR compliance months earlier using a different solution.)
One of the popular GDPR compliance plugins for WordPress is ‘WP GDPR Compliance’, with over 100,000 installations. We monitor the various security-related websites and mailing lists, and when a notification is published we immediately verify that none of our clients are using the offending plugin, theme, or WordPress version. If the plugin/theme/WP version is one used by a client we address the problem right away. Like within minutes.
The reason we react so quickly is that the hackers monitor the same lists and waste no time updating their bots to look for the new vulnerability. We scan our clients’ logs daily, and usually no more than 24 hours pass between a security vulnerability being published and the hackers’ bots starting to look for it. It only took a few days for hundreds of website owners to find themselves dealing with hacked websites.
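As an added illustration of the daily log check described above (example code written for this page, not the author's own tooling): it parses a few constructed Apache-style access-log lines, flags requests under an assumed plugin directory (the slug used here is a placeholder, not the real plugin's path), and reports how long after a given publication time the first probe arrived. Note the 404 responses: a site that never installed the plugin still sees the probes, which is exactly what a daily log review picks up.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample access-log lines (Apache combined format); not real client data.
# The plugin directory name below is a placeholder, not the actual plugin's slug.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Nov/2018:03:12:44 +0000] "GET /wp-content/plugins/example-gdpr-plugin/readme.txt HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Nov/2018:03:12:50 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [09/Nov/2018:03:13:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 45 "-" "python-requests/2.19"
192.0.2.9 - - [09/Nov/2018:14:40:13 +0000] "GET /wp-content/plugins/example-gdpr-plugin/readme.txt HTTP/1.1" 404 210 "-" "curl/7.58"
"""

# Minimal combined-log pattern: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_plugin_probes(log_text, plugin_slug):
    """Return every parsed entry whose path is under the given plugin directory."""
    prefix = f"/wp-content/plugins/{plugin_slug}/"
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["path"].startswith(prefix)]


def report(log_text, plugin_slug, published_iso):
    """Summarise probes for a plugin relative to the advisory's publication time.

    published_iso is an ISO-8601 timestamp with offset, e.g. '2018-11-08T00:00:00+00:00'.
    """
    published_at = datetime.fromisoformat(published_iso)
    hits = find_plugin_probes(log_text, plugin_slug)
    first = min((h["ts"] for h in hits), default=None)
    hours = (first - published_at).total_seconds() / 3600 if first else None
    return {
        "count": len(hits),
        "first_seen": first,
        "hours_after_publication": hours,
        "by_ip": Counter(h["ip"] for h in hits),
        "all_404": bool(hits) and all(h["status"] == 404 for h in hits),
    }


if __name__ == "__main__":
    summary = report(SAMPLE_LOG, "example-gdpr-plugin", "2018-11-08T00:00:00+00:00")
    print(f"{summary['count']} probe(s) for the plugin directory")
    print(f"first seen {summary['first_seen']} "
          f"({summary['hours_after_publication']:.1f} h after publication)")
    for ip, n in summary["by_ip"].most_common():
        print(f"  {ip}: {n}")
```

Run it against a real access log by reading the file into `report()` in place of `SAMPLE_LOG`; the `all_404` flag is a quick way to tell that the requests are blind scanning rather than use of an installed plugin.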
This is another reason why we believe our proactive approach to website management is vital. The average webmaster or website owner checks their plugins once a week at best. By then it is often too late.